AW: [Openswan Users] L2TP-IPsec with NAT-passthrough (UDP-checksum)problem

Paul Wouters paul at xelerance.com
Wed Sep 29 02:00:30 CEST 2004


On Tue, 28 Sep 2004, Andreas Kemper wrote:

> No, NAT-T definitely does not work with these passthrough routers. I tried
> it once with a "real" NAT-device (by means of "iptables" on a linux box),
> where it's been working properly.
>
> Well, now I'm pretty sure that this might be a particular problem of my
> combination of Kernel 2.4.25 and OSW 1.0.3.

These two statements contradict each other. If your nat box is breaking 
things, switching kernels or openswan won't help you.

> Thus I tried the original SuSE 2.4.21-2xx kernel (from version 9.0).
> Unfortunately, there I had some problems with the configuration. After
> startup without any existing tunnels, two routes with 0.0.0.0/0 and
> 128.0.0.0/0 destination have been set-up on "ipsec0" towards the standard
> gateway. Following startup the entire machine wasn't reachable over the
> network anymore. ;-(

include /etc/ipsec.examples/no_oe.conf

> Does anyone know, whether I can use the SuSE 9.0 binary RPM for SuSE 9.1 as
> well??

Teh binaries we build we build on 9.1. (ftp.openswan.org/openswan/binaries/Suse-RPMS/

Paul
-- 
 	"Non cogitamus, ergo nihil sumus"


More information about the Users mailing list